Thursday, July 19, 2018

Understanding the GDPR: General Data Protection Regulation

The GDPR–or General Data Protection Regulation–is a regulation passed by the European Union on April 27, 2016, with an effective start date of May 25, 2018. Officially classified as regulation 2016/679, the GDPR expands upon and replaces the Data Protection Directive 95/46/EC of 1995. It serves as the EU’s effort to synchronize and harmonize laws on citizen and resident data privacy throughout its member states.

GDPR is based on Privacy by Design/Default, a set of user-centric principles that bequeath a sacred status to user privacy from the get-go rather than as an afterthought. Piggybacking on that is the ability of users to sue organizations under the GDPR who might mishandle personal data. To accomplish this, the GDPR mandates new user-oriented information-handling processes to which EU companies will soon find themselves beholden, not to mention subject to significant penalties in the event of a violation.

The complete text of the GDPR legislation clocks in at 88 pages. There exist within it 173 recitals and 99 articles, each one applying universally to all EU member states. The key provisions of this sweeping legislation are provided below and constitute the essence of what the law entails and how it affects data storage and retrieval for all related EU entities.

Who the Law Protects

There is a slight bit of confusion when it comes to just who falls under the protective auspices of the GDPR measure. The term “natural person” appears frequently throughout the text, and while this indeed refers to EU citizens, it actually extends further to those merely residing in the EU.

To wit, a natural person in EU nomenclature is any human possessing “legal personality”. That’s a very law-like definition that essentially boils down to a person who acts on their own behalf rather than in the interests of a business entity (sometimes known as a “legal entity”) or a government entity (or “public entity”).

To simplify matters, all humans native to or residing inside the EU with data to protect are blanketed under the term “data subject”. The rights of these data subjects to control and even extensively delete their private data are at the heart of the GDPR.

How GDPR Defines Personal Data

The GDPR defines personal data quite simply: Information (“data”) that can be used to identify a natural person (“data subject”). This seems self-evident on its surface, and indeed, certain identity-related elements fall naturally within this definition, such as name, ID number, home address, and more. But in the current era of sophisticated online data tracking technology, the amount of transmittable, personally identifiable data has ballooned (at least in the EU’s opinion), and with it, the number of privacy touch points potentially available to corporate and government bodies.

This massive list includes, but is not limited to, online identifiers such as IP addresses, social media accounts, email addresses, account numbers, browser cookies, and more. Within this list are direct identifiers and indirect identifiers, both of which establish the data subject’s identity by degrees. For instance, a direct identifier is a name, ID number, home address, and so on. Indirect identifiers include the date of birth, location, or even a job title, and while they don’t pinpoint data subjects directly, they can nevertheless unmask a person’s identity when used in concert.

Wednesday, July 18, 2018

Launch of Systems Security Certified Practitioner Practice Questions

Dear Readers,

I'm happy to announce that my first course is live now on Udemy. There are 200+ practice questions for the Systems Security Certified Practitioner certification offered by (ISC)2 which are now available for you to practice. These questions have been created to capture the actual difficulty of the real exam. All the domains of the SSCP certification have been covered.

The course is divided into 6 practice tests. The first 4 tests are focused on domain-specific questions, while the 5th test is focused on mixed questions. Part 6 is a bonus bonanza for the exam takers where again certain specific questions have been asked.

More questions will be added soon in the exam. Check out this blog (sidebar) for discounted coupon codes for the exam.

CISSP practice tests are also on their way on Udemy.

Happy Learning.

Sunday, July 8, 2018

Access Control and Mark Up Languages

Just like humans use language to talk to each other, we use languages to talk to computers as well. For identity management and access control purposes, we are going to learn about some specific languages, but before that, it is important to understand the basics.

Today, if you visit a website, you see different kinds of animations, text floating around, interactive advertisements, custom views, etc. How does this happen? It happens through markup languages and, of course, some background coding. What is a markup language, then? A markup language is a way to structure text and data sets, and it dictates how these will be viewed and used. When you adjust margins and other formatting in a word processor, you are marking up the text in the word processor’s markup language. If you develop a web page, you are using some type of markup language.

One such language you will have heard of is HTML (HyperText Markup Language). HTML came from the Standard Generalized Markup Language (SGML), which in turn came from the Generalized Markup Language (GML).

If you design a web page today, there are multiple such languages to choose from. The markup language allows you to structure your web page, and you can control how it looks and some of the actual functionality the page provides. The use of a standard markup language also allows for interoperability: following basic markup language standards will help you design a page that looks exactly the same on any platform.

Now, you might say that you would use a particular language to design a web page, or a particular company might choose to adopt a proprietary language of its own. You can appreciate the chaos that would create by imagining what would happen if everyone on this earth decided to speak his or her own language.

So, to make things standardized, intelligent minds came up with a solution. The answer was XML. XML is a universal and foundational standard that provides a structure from which other independent markup languages can be built while still allowing for interoperability. Markup languages with various functionalities were built from XML, and while each language provides its own individual functionality, as long as they all follow the core rules of XML they are interoperable and can be used across different web-based applications and platforms.

Sounds confusing? So let’s understand this through a simple example. Let’s consider the English language. Mayur is a cybersecurity analyst, John is a zoologist and Karina is a chef. They can all speak to each other using the basic English communication rules; the basic grammatical and sentence-building rules remain the same. However, each of these individuals can use this common language to talk in terms which they understand best. So while Mayur uses terms such as firewall, cryptographic controls and mandatory access control, John uses terms such as carnivorous and mammals, and Karina uses words such as roasting, poached egg, simmering, etc. Each profession has its own “language” to meet its own needs, but each is based on the same core language—English.

In a similar manner, the World Wide Web uses a common language, XML, and each profession can build a new language on top of it to cater to its specific needs.

Now, I’m into the field of cybersecurity and I would like to tweak some languages to help me out with identity and access management. So what should I do?

Well, the intelligent minds before us came together and developed some languages for you which we are going to learn about.

The first one is the Service Provisioning Markup Language (SPML), which allows for the exchange of provisioning data between applications, which could reside in one organization or many.

Consider that John has joined the company IloveITSolutions as a security specialist. An account needs to be created for him, giving him access to multiple servers, accounts, and so on. The language that comes to the rescue of the administrator is SPML. SPML allows for the automation of user management (account creation, amendments, revocation) and access entitlement configuration related to electronically published services across multiple provisioning systems. This markup language allows for the integration and interoperation of service provisioning requests across various platforms.

It is easy to say that SPML will do all the work, but we must understand how it does that. SPML is made up of three main entities: the Requesting Authority (RA), which is the entity that makes the request to set up a new account or change an existing account; the Provisioning Service Provider (PSP), which is the software that responds to the account requests; and the Provisioning Service Target (PST), which is the entity that carries out the provisioning activities on the requested system.

When John joins the company, the RA is asked to get to work. The RA creates SPML messages, which provide the requirements of the new account. Whom does it send these requests to? The PSP. This piece of software reviews the requests and compares them to the organization’s approved account creation criteria. If these requests are allowed, the PSP sends new SPML messages to the end systems (PST) that the user actually needs to access. Software on the PST sets up the requested accounts and configures the necessary access rights.
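The RA → PSP → PST chain described above, and the earlier point that a domain-specific language can be built on plain XML, can both be seen in one short simulation. The following is an added example written for this post, not code from the post or from any SPML implementation: the XML shape (an `addRequest` with `target`, `role` and `data/attr` elements) is a deliberately simplified, constructed stand-in for the real OASIS SPML schema, and the policy, target names (`hr-db`, `file-server`) and account data are invented. The security-relevant part is in the PSP: it parses the RA's message, compares it with the organisation's approved criteria, and rejects the whole request if any target or role is not allowed, so that no half-provisioned account ever reaches a PST.

```python
import xml.etree.ElementTree as ET

# Constructed policy (assumption): which targets exist, which roles an RA may
# request on each, and which attributes every new account must carry.
APPROVED_POLICY = {
    "hr-db": {"roles": {"reader"}, "required": {"accountName", "employeeId"}},
    "file-server": {"roles": {"reader", "writer"}, "required": {"accountName", "employeeId"}},
}


def ra_build_add_request(request_id, targets, attributes):
    """RA: serialise an account-creation request as a simplified addRequest document.
    targets maps targetID -> roles wanted there; attributes holds the account data."""
    root = ET.Element("addRequest", requestID=request_id)
    for target_id, roles in targets.items():
        t = ET.SubElement(root, "target", targetID=target_id)
        for role in sorted(roles):
            ET.SubElement(t, "role").text = role
    data = ET.SubElement(root, "data")
    for name, value in attributes.items():
        ET.SubElement(data, "attr", name=name).text = value
    return ET.tostring(root, encoding="unicode")


def psp_evaluate(xml_text, policy=APPROVED_POLICY):
    """PSP: parse the RA's message, check it against the approved criteria and,
    only if everything is allowed, emit one message per PST.
    Returns (status, errors, pst_messages). All-or-nothing: one violation
    rejects the whole request, so no partially provisioned account appears."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return "failure", [f"malformed request: {exc}"], []
    if root.tag != "addRequest":
        return "failure", [f"unsupported operation: {root.tag}"], []

    attrs = {a.get("name"): (a.text or "") for a in root.findall("./data/attr")}
    present = {k for k, v in attrs.items() if v}
    errors, pst_messages = [], []
    for target in root.findall("target"):
        tid = target.get("targetID")
        rule = policy.get(tid)
        if rule is None:
            errors.append(f"unknown target {tid!r}")
            continue
        missing = rule["required"] - present
        if missing:
            errors.append(f"{tid}: missing attributes {sorted(missing)}")
        roles = {r.text for r in target.findall("role")}
        unapproved = roles - rule["roles"]
        if unapproved:
            errors.append(f"{tid}: roles not approved {sorted(unapproved)}")
        if not missing and not unapproved:
            # Per-target message: only the roles and attributes that system needs.
            msg = ET.Element("addRequest", requestID=root.get("requestID", ""), targetID=tid)
            for role in sorted(roles):
                ET.SubElement(msg, "role").text = role
            data = ET.SubElement(msg, "data")
            for name in sorted(rule["required"]):
                ET.SubElement(data, "attr", name=name).text = attrs[name]
            pst_messages.append(ET.tostring(msg, encoding="unicode"))
    if errors:
        return "failure", errors, []
    return "success", [], pst_messages


def pst_apply(xml_text, store):
    """PST: create the account on one end system. store is that system's in-memory
    account table (targetID -> accountName -> record); the new record is returned."""
    msg = ET.fromstring(xml_text)
    tid = msg.get("targetID")
    attrs = {a.get("name"): a.text for a in msg.findall("./data/attr")}
    record = {"roles": {r.text for r in msg.findall("role")}, **attrs}
    store.setdefault(tid, {})[attrs["accountName"]] = record
    return record


def provision(request_xml, store):
    """Run the whole RA -> PSP -> PST chain and return the PSP's verdict."""
    status, errors, messages = psp_evaluate(request_xml)
    for m in messages:
        pst_apply(m, store)
    return status, errors


if __name__ == "__main__":
    systems = {}
    req = ra_build_add_request(
        "req-1",
        {"hr-db": {"reader"}, "file-server": {"reader", "writer"}},
        {"accountName": "john", "employeeId": "E1001"},
    )
    print(provision(req, systems))
    print(systems)
```

Because the PSP rejects a request in full rather than target by target, a request that asks for an approved role on `hr-db` but an unapproved one on `file-server` leaves both systems untouched; that is the property to check when evaluating any real provisioning service, along with what it does with malformed or non-`addRequest` input.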

[Sponsored] Key Features to Look for in a Salesforce Cisco Integration

Investing in a robust CRM like Salesforce is one of the best decisions a business can make. These days, when customer experience drives business success, leveraging technology like Salesforce signals a commitment to delivering great service and contributing meaningfully to the success of your customers. Salesforce has allowed companies to build tech stacks that truly work for their teams. For client-facing teams, a reliable CTI like a Salesforce-Cisco integration is indispensable.

Computer Telephony Integration or CTI allows teams to connect CRMs like Salesforce to their phone systems. Today, millions of users rely on Salesforce and Cisco, as these solutions are both reliable and time-tested. Integrating the two allows teams to get the most out of each one. Contact centers, helpdesks, sales floors, and customer service reps benefit from CTI solutions directly through features that they use in their daily workflows.

When searching for a Salesforce Cisco integration provider, make sure they deliver these key features:

Click-to-dial transforms phone numbers within Salesforce and your internet browser into links that go straight into a call when clicked. This web-to-phone feature makes the calling process seamless, doing away with having to manually dial on your desk phone or on-screen softphone.

For teams that deal with high call volumes day in and day out, the click-to-dial feature delivers big savings in the form of shaved seconds that easily translate to hours per team per day. Click-to-dial directly affects the bottom line and influences important business activities like workforce management and resource planning.

Screenpops are a key feature of an effective Salesforce Cisco integration. Screenpops are on-screen pop-ups that deliver customer records instantly when you make an outbound or receive an inbound call. Some CTI solutions only offer screenpops that show recorded customer data in a uniform manner. It’s best to choose a CTI solution that displays role-based customer records. For example, a service rep would need different data compared to a sales agent. Role-based customer data display from screenpops levels up the benefits teams can get out of their integrations.

Call notes, call dispositions

Still part of the screenpop, a key feature you must look for in a CTI solution is the ability to take notes right on the pop-up. Some providers only allow you to view records and will bring the rep or agent to the CRM interface if they want to make changes to the record. Best-in-class CTI solutions provide teams the option to change call dispositions, take notes, and create tasks right on the screen pop. Any client-facing team will benefit from the saved time and smoother workflow of this feature.

Task creation through natural language processing

Task creation right on the screenpop saves a lot of time especially for big teams. A way to amplify this benefit is through natural language processing. Natural language processing or NLP uses machine learning to “read” a user’s notes and creates tasks and calendar entries based on them.

Team collaboration features

Integrating Salesforce and Cisco also makes team collaboration easier for sales, support, and service teams, especially when their chosen CTI solution provides features that foster teamwork. The @mention feature makes it easier for reps to quickly assign or notify teammates about call updates or any pending action items that need to be done.

Automatic call logging

Your CTI should help you get the most out of Salesforce. Automatic call logging is a basic but crucial feature that CTI providers should be able to deliver. When a user takes notes and wraps up a call on the screenpop, this feature automatically logs the updates in the CRM, saving time that used to go to manually entering call updates, setting dispositions, and assigning tasks to teammates. Automatic call logging ensures that organizations are on the same page across different departments.

Local presence dialing

Another key Salesforce Cisco integration feature that’s extra important for sales teams is local presence dialing. Local presence allows sales teams to show a local area code on the caller ID of the person they’re calling. This improves pick-up and connect rates for outbound calling teams.

Call reporting and analytics

Any business would benefit from the constant improvement of their teams that are in constant contact with their prospects and customers. Today, organizations are committed to making data-driven decisions when it comes to implementing changes and solutions to improve the results they’re getting no matter the department. A key feature you’d have to look for in a Salesforce-Cisco integration is the ability to support your data-driven efforts.

With high volume calling, managers are unable to monitor each call, leaving teams in the dark when they don’t have a data capture solution in place. CTI solutions should be able to provide features that allow management activities like call monitoring, call recording, call transcription, and data-rich call activity records.

With call reporting and call analytics features, organizations can use the gathered and visually presented data to categorically measure the performance of their teams, craft targeted solutions to their unique challenges, and track important customer experience metrics.

From customer service call centers to sales floors, these key CTI features ensure that businesses are able to maintain and gain competitive advantage through technology that allows them to deliver a great customer experience.

Note: This article is published on this blog in collaboration with Tenfold. For any queries/concerns, you can connect with the team at